But then again I'm sorry, I have never seen what the big deal was about this. If you broadcast your crap around you can't blame people for receiving it.
Sure people's passwords may be in the data stream, but they broadcast it over an open connection. If your going to blame anyone blame the electronics shop sales guy, the hardware vendor and the TV "experts" that tell people that using an unencrypted wifi access point is completely reasonable.
You don't see what the deal is with a major corporation doing wardriving and packet capturing?
> If you broadcast your crap around you can't blame people for receiving it.
By your logic then if someone gets robbed on the streets, then it's their fault for "walking around freely"?
Well, to more strictly match the analogy--if someone is walking around with a purse that is constantly leaking coins, and they get "robbed" (by someone finding some of said coins and wandering off with them), then I would say that that is their own fault, yes.
I don't, actually. There was no "hacking" or exploitation of any kind - any idiot with a wifi card can do the same thing.
>By your logic then if someone gets robbed on the streets, then it's their fault for "walking around freely"?
If I stand on the corner shouting out my social security and bank account numbers, I expect somebody will rip me off. Changing the type of wave from a sound wave to a radio wave doesn't really change anything.
Come on that a bit excessive...
No one is hurt if packets are captured. Its not a violent act. Surely we can loose the hyperbolae.
I am saying that its not realistic to expect privacy if you do things in a public space, including broadcasting your data. If you choose to tell a story out on the street and I hear it you don't get to then say I am invading your privacy by hearing it.
Your analogy is broken, and I think you know it.
The bigger question is, "is it OK for someone to methodically collect data that people (inadvertently) broadcast about themselves?". The advertising industry has been doing it for years, and it's really a legal and ethical fuzzy area. The more productive conversation will revolve around privacy rights and expectations.
Most of the arguments here circle around "ah you were a fool to let your data out, so Google was wise and snooped it". WTF kind argument is that? Since when is it ok for a corporation to hire "experts" who go around collecting private data? What is this data for? Why, in the first place, do they have a wifi expert driving around doing that?
If they connected to the AP and ran nmap against my server yes it would be like that... but simply capturing packets that are broadcast into a public space I don't think is reasonable or realistic to expect it is some grave violation of privacy.
I don't think I will close my ears at any point.
I am more than moderately offended/troubled/irked by this excerpt, as it appears to deliberately depict the engineer as a "hacker" in the sense of Hollywood culture, rather than "hacker" as we know it in makers' terms.
In the wrong hands, the English language is much more potent and destructive than any programming language. An English Specialist can often cause more harm than a Wi-Fi Specialist.
Why do we have to be hackers? What was wrong with being developers?
Hackers became criminals and developers were Javabean coding wage slaves... given a choice criminal sounds cooler then wage slave.
It's a good thing journalists generally do no have Milner's level of knowledge, as surely they too would abuse it. Maybe even worse than Google. Milner's comment reflects the power of the knowledge he has. He has to take some responsibility for it.
Both Google engineers and NYT journalists do snooping on others for a living.
They are just at odds with each other, for various reasons; engineers for companies like Google generally do not like journalists and generally the same is true vice versa.
Google has a genuine PR problem. And journalists are watching their careers disintegrate with the advance of communications technology. It's an amusing little spat to watch.
Looking past the scare quotes, according to the FCC report it was just Kismet, and the problem basically just came down to deciding to write the non encrypted payloads to disk. He might know too much about wifi, but probably half the regular HN posters could have implemented the same system, if they chose to.
Interesting how this works. If I went wardriving and collected personal emails from unencrypted networks, I'd have my house rummaged by FBI agents, be hit with a 25,000-count felony wiretapping indictment and have some go-getter federal prosecutor try to convince a judge to sentence me to 7,000 years in prison. Then an appeals court might say reverse on the grounds that it was unencrypted. Maybe.
Google does it? A slap on the wrist and a small fine for "obstructing an investigation."
Do we know that for a fact? Sorry if well known, genuine question.
The public has the right to know. Otherwise, who decides what should be public or not, the ministry of big brother?
It doesn't sound particularly enigmatic to me. It seems like Milner is clearly saying that Google deliberately misrepresented his behavior as a rogue action to facilitate their legal self-protection when in fact it's obvious from their choice of the author of NetStumbler to work on Street View that his designated role was likely to involve making use of his expertise with Wi-Fi networks.
Not a chance.
I think the authors intended this to be read as 'wink wink yeah sure', but this sounds entirely plausible on both sides. The more detailed the spec is, the less likely anyone will read it. They probably just forwarded it around and assumed someone competent to render an opinion would raise a red flag if anything were not well thought out.
On page 15, the report even mentions "Engineer Doe" sending an email to a manager stating, "You might recall asking me about URLs seen over Wi-Fi...", and talking about the number of unique URLs retrieved (only 32,000 from 300 million packets). The manager asked if the URLs were sniffed from WiFi packets, and Doe responded in the affirmative.
[1]: http://s3.documentcloud.org/documents/351298/fcc-report-on-g...
While I don't know for sure which use of the word "hacker" Milner intends, the author of this article ought to have added a line like, "Software engineers use the word 'hacker' in a positive, non-malicious sense...", since this is effectively taking his words out of context.
The fault lies solely with Google whether by intent, lack of legal or legal ethics advice, lack of technical oversight, or management incompetence etc. This also seems to be the regulator's view.
However, Google itself and, of course, the media are quite happy to muddy the waters with a bit of "gone rogue" nonsense, though for differing reasons.
